===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2133
  Bluetooth implementations may not sufficiently validate elliptic curve
               parameters during Diffie-Hellman key exchange
                               24 July 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Bluetooth devices
Publisher:         CERT
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Apple iOS
                   Android
                   Firmware
Impact/Access:     Access Privileged Data         -- Remote with User Interaction
                   Provide Misleading Information -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-5383
Reference:         ESB-2018.1987.2

Original Bulletin:
   https://www.kb.cert.org/vuls/id/304725

--------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#304725

Bluetooth implementations may not sufficiently validate elliptic curve
parameters during Diffie-Hellman key exchange

Original Release date: 23 Jul 2018 | Last revised: 23 Jul 2018

Overview

Bluetooth firmware or operating system software drivers may not
sufficiently validate elliptic curve parameters used to generate public
keys during a Diffie-Hellman key exchange, which may allow a remote
attacker to obtain the encryption key used by the device.

Description

CWE-325: Missing Required Cryptographic Step - CVE-2018-5383

Bluetooth utilizes a device pairing mechanism based on elliptic-curve
Diffie-Hellman (ECDH) key exchange to allow encrypted communication
between devices. The ECDH key pair consists of a private and a public key,
and the public keys are exchanged to produce a shared pairing key. The
devices must also agree on the elliptic curve parameters being used.
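The following is an added example, not code from CERT, AusCERT or any vendor's Bluetooth stack. It shows the public-key validation step that the note goes on to describe as missing, placed in front of the ECDH shared-key computation. It assumes NIST P-256, the curve used by Bluetooth Secure Connections pairing; because P-256 has cofactor 1, an on-curve check plus coordinate range checks is a complete public-key validation.

```python
# Added example, not code from CERT, AusCERT or any Bluetooth stack: the
# public-key validation step whose absence CVE-2018-5383 describes, placed
# in front of an ECDH computation. Assumes NIST P-256 (cofactor 1).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)

def is_valid_public_key(q):
    """Reject the point at infinity, out-of-field coordinates, and any point
    not on y^2 = x^3 + ax + b (mod p); the curve check is the missing step."""
    if q is None:
        return False
    x, y = q
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0

def _add(p1, p2):
    """Affine point addition on P-256; None represents the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                        # Q + (-Q) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, q):
    r = None  # plain double-and-add: demonstration only, not constant-time
    while k:
        if k & 1:
            r = _add(r, q)
        q = _add(q, q)
        k >>= 1
    return r

def dh_key(own_private, peer_public):
    """Shared-secret x-coordinate, computed only after the peer key passes."""
    if not is_valid_public_key(peer_public):
        raise ValueError("peer public key is not a valid P-256 point")
    return scalar_mult(own_private, peer_public)[0]
```

A peer key whose coordinates are in range but which fails the curve equation is exactly the case an unvalidating implementation would feed into `scalar_mult` unchanged; here it is refused before any secret-dependent arithmetic runs.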
Previous work on the "Invalid Curve Attack" showed that the ECDH
parameters are not always validated before being used in computing the
resulting shared key. If the implementation does not validate all of the
parameters before computing the shared key, the effort an attacker needs
to obtain the private key of the device under attack is reduced. In some
implementations, the elliptic curve parameters are not all validated by
the cryptographic algorithm implementation, which may allow a remote
attacker within wireless range to inject an invalid public key to
determine the session key with high probability. Such an attacker can
then passively intercept and decrypt all device messages, and/or forge
and inject malicious messages.

Both Bluetooth low energy (LE) implementations of Secure Connections
Pairing in operating system software and BR/EDR implementations of Secure
Simple Pairing in device firmware may be affected. Bluetooth device users
are encouraged to consult with their device vendor for further
information.

Since the vulnerability was identified, the Bluetooth SIG has updated the
Bluetooth specifications to require validation of any public key received
as part of public key-based security procedures, thereby providing a
remedy to the vulnerability from a specification perspective. In
addition, the Bluetooth SIG has added testing for this vulnerability
within its Bluetooth Qualification Program. The Bluetooth SIG has also
released a public statement regarding the vulnerability.

Impact

An unauthenticated, remote attacker within range may be able to utilize a
man-in-the-middle network position to determine the cryptographic keys
used by the device. The attacker can then intercept and decrypt and/or
forge and inject device messages.

Solution

Apply an update

Both software and firmware updates are expected over the coming weeks.
Affected users should check with their device vendor for availability of
updates.
Further information for vendors is provided in the Vendor Status section
below.

Vendor Information

Vendor                       Status         Date Notified   Date Updated
Apple                        Affected       18 Jan 2018     23 Jul 2018
Broadcom                     Affected       18 Jan 2018     19 Jun 2018
Intel                        Affected       18 Jan 2018     23 Jul 2018
QUALCOMM Incorporated        Affected       18 Jan 2018     06 Feb 2018
Microsoft                    Not Affected   06 Feb 2018     20 Jul 2018
Android Open Source Project  Unknown        18 Jan 2018     18 Jan 2018
Bluetooth SIG                Unknown        06 Feb 2018     06 Feb 2018
Google                       Unknown        19 Mar 2018     19 Mar 2018
Linux Kernel                 Unknown        05 Mar 2018     05 Mar 2018

CVSS Metrics

Group          Score   Vector
Base           7.3     AV:A/AC:M/Au:N/C:C/I:C/A:N
Temporal       5.7     E:POC/RL:OF/RC:C
Environmental  5.7     CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  o https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update
  o http://cwe.mitre.org/data/definitions/325.html

Credit

Thanks to Lior Neumann and Eli Biham for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  o CVE IDs:              CVE-2018-5383
  o Date Public:          23 Jul 2018
  o Date First Published: 23 Jul 2018
  o Date Last Updated:    23 Jul 2018
  o Document Revision:    62

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.